Senior Identity & Access GRC Engineer

## Join Us\n\nAt Vodafone, we\u2019re not just shaping the future of connectivity for our customers \u2013 we\u2019re shaping the future for everyone who joins our team. When you work with us, you\u2019re part of a global mission to connect people, solve complex challenges, and create a sustainable and more inclusive world. If you want to grow your career whilst finding the perfect balance between work and life, Vodafone offers the opportunities to help you belong and make a real impact.\n\nSenior Identity \u0026 Access Governance Engineer is responsible for the design, implementation and continuous improvement of Identity and Access Management (IAM) controls across the organization to mitigate cyber risk and ensure compliance with local/international regulatory requirements. The role sits within the GRC function and acts as the technical authority for identity governance, ensuring the translation of policies into enforceable and auditable technical controls across on-premises, cloud and hybrid environments. This is a senior, hands-on role with governance responsibilities and cross-functional influence, who will design the operating model, define governance frameworks, implement risk-based controls and set the IAM maturity level at the enterprise level.\n\n## What you\u2019ll do\n\nMain Responsibilities: \nIdentity Control Governance and Design \n\u2022 Define IAM governance framework, standards and control structure \n\u2022 Design IAM operational model \n\u2022 Translate IAM policies and standards into applicable technical controls \n\u2022 Design and maintain enterprise-wide RBAC models aligned with business roles and risk levels \n\u2022 Define and enforce Segregation of Functions (SoD) controls \n\u2022 Establish Key Risk Indicators (KRIs) and control effectiveness metrics \n\u2022 Maintain IAM documentation and record repository \n\u2022 Create an IAM maturity roadmap \n\u2022 Ensure alignment with Zero Trust principles \nIdentity Lifecycle Management (JML) \n\u2022 Design and optimize Joiner Mover Leaver processes \n\u2022 Ensure automatic provisioning and revocation of access in critical systems \n\u2022 Reduce accounts orphaned, inactive, and overprivileged \n\u2022 Integrate IAM with authoritative sources (HR and identity sources) \n\u2022 Define SLAs for deprovisioning and monitor compliance \n\u2022 Establish access recertification governance \nPrivileged access governance \n\u2022 Define governance framework for Privileged Access Management (PAM) \n\u2022 Reduce permanent administrative privileges \n\u2022 Implement Just in Time (JIT) and least privilege / Just Enough Access (JEA) principles \n\u2022 Ensure privileged session monitoring and logging controls \n\u2022 Coordinate with CSOC for identity-based detection cases \nAuthentication and access control \n\u2022 Ensure MFA enforcement for critical systems and high-risk users \n\u2022 Validate SSO and federation configurations \n\u2022 Define authentication assurance levels based on risk \n\u2022 Align identity controls with Zero Trust principles \nSupport for compliance and audit \n\u2022 Ensure alignment IAM with: \no NIS2 \no ISO 27001 \no GDPR \no Internal Security Policies \n\u2022 Support for internal and external audits \n\u2022 Provide IAM records and remediation plans \n\u2022 Track and remediate IAM non-conformities \nOversee and modernize the IAM platform \n\u2022 Assess the health of IAM/IdM platforms and lifecycle risks (EOL/EOS) \n\u2022 Identify coverage gaps in applications and cloud environments \n\u2022 Propose a modernization and improvement roadmap \n\u2022 Lead the integration of new systems in the IAM area \nCross-functional collaboration \n\u2022 Close collaboration with: \no IT Operations \no Network Operations \no HR \no Application Owners \no Cloud \u0026 DevOps Teams \no CSOC \no Business teams \n\u2022 Act as SME in the identity area during security incidents \n\u2022 Ensure the inclusion of identity risks in the enterprise risk register\n\n## Who you are\n\nExperience \n\u2022 5\u20138+ years of experience in IAM or Identity Governance \n\u2022 Experience in building or transforming IAM capabilities \n\u2022 Hands-on experience with enterprise IAM platforms (SailPoint, Saviynt, OneIdentity, Okta, Microsoft Entra ID) \n\u2022 Experience with PAM solutions (CyberArk, BeyondTrust) \n\u2022 Strong knowledge of: \no RBAC / ABAC \no Segregation of Functions (SoD) \no SAML, OAuth2, OIDC \no LDAP / Active Directory \no MFA and conditional access policies \n\u2022 Experience in regulated environments (telecom, financial, utilities \u2013 preferred) \n\u2022 Experience in supporting audit and compliance programs\n\nTechnical Skills \n\u2022 Enterprise IAM architecture and design \n\u2022 JML frameworks \n\u2022 Governance models for privileged access \n\u2022 Authentication and federation architecture (SSO, MFA, conditional access) \n\u2022 IAM integration in cloud and hybrid environments \n\u2022 Risk assessment and identity controls \n\u2022 Logging, monitoring and traceability requirements for identity systems \n\u2022 Ability to assess and improve the health of IAM platforms \nKey competencies \n\u2022 Risk-based thinking \n\u2022 Ability to translate regulatory requirements into technical controls \n\u2022 Structured documentation and records management \n\u2022 Strong communication skills \n\u2022 Proactivity and ownership orientation \n\u2022 Ability to identify control deficiencies and propose solutions \n\u2022 Strategic thinking and long-term planning \n\u2022 Project management \n\u2022 Teamwork and accurate reporting \n\u2022 Problem-solving, negotiation, deadline orientation\n\nRecommended technical/professional certifications: \n\u2022 CISSP \n\u2022 CISA \n\u2022 CISM \n\u2022 CIAM / Certified Identity and Access Manager \n\u2022 Microsoft Certified: Identity and Access Administrator Associate \n\u2022 CyberArk Defender / Sentry \n\u2022 ISO 27001 Lead Implementer / Lead Auditor\n\n## Not a perfect fit?\n\nWorried that you don\u2019t meet all the desired criteria exactly? At Vodafone we are passionate about empowering people and creating a workplace where everyone can thrive, whatever their personal or professional background. If you\u2019re excited about this role but your experience doesn\u2019t align exactly with every part of the job description, we encourage you to still apply as you may be the right candidate for this role or another opportunity.\n\n## What\u0027s in it for you\n\n\u2022 Hybrid working regime 2 days from the office, 3 days remote \n\u2022 Special discounts for Vodafone employees, Friends \u0026 Family offers \n\u2022 Demo telephone subscription - unlimited (voice and data) \n\u2022 Voucher for the purchase of a mobile phone \n\u2022 Medical subscription to a top private clinic \u0026 other medical benefits \n\u2022 Insurance for hospitalization and surgical interventions \n\u2022 Life insurance \n\u2022 Meal tickets \n\u2022 Bookster subscription \n\u2022 Participation in development programs and challenging projects in the leadership area \n\u2022 Access to internal Wellbeing \u0026 Recognition events \n\u2022 Extra vacation days (for seniority, special events, volunteering) \n\u2022 You will benefit from specializations in your field of activity, through programs based on modern training methods and systems\n\n## Who we are\n\nWe are a leading international Telco, serving millions of customers. At Vodafone, we believe that connectivity is a force for good. If we use it for the things that really matter, it can improve people\u0027s lives and the world around us. Through our technology we empower people, connecting everyone regardless of who they are or where they live and we protect the planet, whilst helping our customers do the same.\n\nBelonging at Vodafone isn\u0027t a concept; it\u0027s lived, breathed, and cultivated through everything we do. You\u0027ll be part of a global and diverse community, with many different minds, abilities, backgrounds and cultures. ;We\u0027re committed to increase diversity, ensure equal representation, and make Vodafone a place everyone feels safe, valued and included.\n\nIf you require any reasonable adjustments or have an accessibility request as part of your recruitment journey, for example, extended time or breaks in between online assessments, please refer to https://careers.vodafone.com/application-adjustments/ for guidance.\n\nTogether we can.\n